JustLeif
commented
2 days ago I briefly attempted to try to implement this, using the documentation here https://developers.cardano.org/docs/integrate-cardano/user-wallet-authentication/. From my perspective, the API should look like this if we don't want breaking changes.
export const checkSignature(
data: string,
{ key, signature }: DataSignature,
address?: string
) => { ... }Another helper function we probably need (I didn't see it in the libraries CoseSign1 implementation), is an equal of the:
CoseSign1.headers().protected().deserialized_headers()Found in the @emurgo/cardano-message-signing-nodejs package. (I noticed that library was not a dependency of the MeshSDK).
I imagine the added logic would look like this (packages/mesh-core-cst/src/message-signing/check-signature.ts):
const builder = CoseSign1.fromCbor(signature); // line 9
// address check
if(address) {
const headermap = builder.headers().protected().deserialized_headers();
const addressHex = Buffer.from( headermap.header( Label.new_text("address") ).to_bytes() )
.toString("hex")
.substring(4);
const derivedAddress = Address.from_bytes( Buffer.from(addressHex, "hex") );
if(address !== derivedAddress) return false;
}
// end address checkDo we already have a way to get the headermap from the signature? If so then we just have to add that line to the checkSignature function.
Thanks for your hard work on MeshJS, it really is appreciated. You made development on Cardano a lot easier for me.
Is your feature request related to a problem? Please describe.
See:
345
346
Describe the solution you'd like
Expand the capability of checking signature like CF solution